old
 1{
 2  pkgs,
 3  config,
 4  myvars,
 5  programsdb,
 6  ...
 7}: {
 8  nix.settings = {
 9    experimental-features = ["nix-command" "flakes"];
10    trusted-users = [myvars.username];
11    substituters = [
12      # cache mirror located in China
13      # "https://mirrors.ustc.edu.cn/nix-channels/store?priority=10"
14      # "https://mirror.sjtu.edu.cn/nix-channels/store?priority=10"
15      "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store?priority=10"
16
17      "https://nix-community.cachix.org?priority=20"
18    ];
19    trusted-public-keys = [
20      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
21      "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
22    ];
23    builders-use-substitutes = true;
24  };
25
26  nix.extraOptions = ''
27    !include ${config.sops.templates.access-tokens.path}
28  '';
29
30  sops.templates.access-tokens = {
31    content = ''
32      access-tokens = github.com=${config.sops.placeholder.github-access-token}
33    '';
34    mode = "0444"; # file must be accessible (r) to all users, because only the build daemon runs as root and not nix evaluator itself.
35  };
36
37  environment.etc."programs.sqlite".source = programsdb.packages.${pkgs.system}.programs-sqlite;
38  programs.command-not-found.dbPath = "/etc/programs.sqlite";
39}